package com.paddyi.shiro;

import com.paddyi.model.Resource;
import com.paddyi.model.Role;
import com.paddyi.model.vo.RoleVo;
import com.paddyi.model.vo.UserVo;
import com.paddyi.service.IRoleService;
import com.paddyi.service.IUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * @program: springcloud
 * @description: Shiro配置信息
 * @author: paddy
 * @create: 2019-04-29 07:33
 **/
public class MyShiroRealm extends AuthorizingRealm {

    private final static org.slf4j.Logger LOGGER = LoggerFactory.getLogger(MyShiroRealm.class);

    @Autowired
    private IUserService userService;
    @Autowired
    private IRoleService roleService;

    /**
     * 登录认证
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        LOGGER.info("---------------------------->登陆验证:");
        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
        String username = upToken.getUsername();
        if (username == null) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }
        LOGGER.info("---------------------------->登录用户名:" + username);
        //查询用户
        UserVo user = userService.selectUserVoByLoginName(username);
        if (user == null) {
            //用户不存在就抛出异常
            throw new UnknownAccountException();
        }
        if (0 != user.getStatus()) {
            //用户被锁定就抛异常
            throw new LockedAccountException();
        }
        //这里验证authenticationToken和simpleAuthenticationInfo的信息
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user,
                user.getPassword(), getName());                   //realm name

        return authenticationInfo;
    }

    /**
     * 权限认证
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }
        //获取登录用户信息
        UserVo user = (UserVo) getAvailablePrincipal(principalCollection);
        //添加角色和权限
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for (Role role : user.getRoleList()) {
            //添加角色
            simpleAuthorizationInfo.addRole(role.getName());
            RoleVo roleVo = roleService.selectRoleVoByRoleId(role.getId());
            for (Resource resource : roleVo.getResourceList()) {
                //添加权限
                simpleAuthorizationInfo.addStringPermission(resource.getUrl());
            }
        }
        return simpleAuthorizationInfo;
    }
}
